Lack of Entropy on Virtual Machine
If you are generating GPG keys on a virtual machine, you may encounter the following error.
Not enough random bytes available. Please do some other work to give the OS a chance to collect more entropy!
Operating systems generate randomness based on hardware input. This randomness is collected for use in applications which require random data (such as cryptographic applications). However, a virtual OS does not have the same level of access to real hardware. As a result, the usual source of randomness expected by the operating system is not available. The measure of randomness currently available (entropy) can be viewed by running $ cat /proc/sys/kernel/random/entropy_avail .
If the entropy pool drains, /dev/random will block until additional entropy is collected. One solution is to use /dev/urandom as a source. This will not block, but will produce lower quality randomness. You can use /dev/urandom by installing rng-tools and adding the following to /etc/default/rng-tools. Save and then restart rng-tools.
HRNGDEVICE=/dev/urandom
Unfortunately, using /dev/urandom is not suitable for my security requirements. A better solution would be to use a hardware entropy generator as described in Andy Smith's excellent post .
As a short-term work-around, I decided to generate keys on a physical host with a good quality source of randomness and then import them on the remote host.
Fix Mac OS X DNS Failure on UPC Router
About a week ago, I upgraded my MacBook Pro to OS X 10.6.4. Since then, I've had trouble with the internet connection *only* from my house and *only* on my MBP. Sometimes the connection would work fine, but most of the time Firefox/Safari would only load the first couple of pages and then new pages would start to time out.
Since I could ping/view a site by going to the server's IP address directly, the issue appeared to be with the MBP resolving DNS. DNS is how your computer translates a human readable URL such as andyregan.net to a machine readable IP address.
Since the problem was *only* with my UPC connection (router is Cisco EPC2425), I thought changing DNS provider to Google or OpenDNS might do the trick. Alas, the new DNS servers would work for the first few pages and then pages started timing out again.
After poking around the (extremely limited) options on the UPC router, I noticed that there were a ton of firewall blocks for the 192.168.1.0/24 network over the last week. Devices connecting to the router, such as my MBP, are assigned IP addresses within this range.
On closer inspection, I discovered that the router's firewall was blocking the MBP from the DNS servers for "LAN-side UDP Flood". I turned off the router's firewall and restarted it. Et voila! Bob's your uncle.
My guess is that the firewall blocks must be due to some change in DNS behavior since the last OS X update. Posting here to save some poor soul the heartache. It's important to note that turning off your router's firewall is at your own risk.